use random/srandom instead weak functions rand/srand

rockdaboot · Mar 22, 2015 · 129f4bc · 129f4bc
1 parent 71d1ed3
commit 129f4bc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/libmget/http.c b/libmget/http.c
@@ -1369,7 +1369,7 @@ void mget_http_add_credentials(mget_http_request_t *req, mget_http_challenge_t *
 
 		if (!mget_strcmp(algorithm, "MD5-sess")) {
 			// A1BUF = H( H(user ":" realm ":" password) ":" nonce ":" cnonce )
-			snprintf(cnonce, sizeof(cnonce), "%08x", rand()); // create random hex string
+			snprintf(cnonce, sizeof(cnonce), "%08lx", random()); // create random hex string
 			mget_md5_printf_hex(a1buf, "%s:%s:%s", a1buf, nonce, cnonce);
 		}
 
@@ -1379,7 +1379,7 @@ void mget_http_add_credentials(mget_http_request_t *req, mget_http_challenge_t *
 		if (!mget_strcmp(qop, "auth") || !mget_strcmp(qop, "auth-int")) {
 			// RFC 2617 Digest Access Authentication
 			if (!*cnonce)
-				snprintf(cnonce, sizeof(cnonce), "%08x", rand()); // create random hex string
+				snprintf(cnonce, sizeof(cnonce), "%08lx", random()); // create random hex string
 
 			// RESPONSE_DIGEST = H(A1BUF ":" nonce ":" nc ":" cnonce ":" qop ": " A2BUF)
 			mget_md5_printf_hex(response_digest, "%s:%s:00000001:%s:%s:%s", a1buf, nonce, /* nc, */ cnonce, qop, a2buf);

diff --git a/src/options.c b/src/options.c
@@ -1110,7 +1110,7 @@ int init(int argc, const char *const *argv)
 	mget_set_oomfunc(_no_memory);
 
 	// seed random generator, used e.g. by Digest Authentication and --random-wait
-	srand(time(NULL) ^ getpid());
+	srandom(time(NULL) ^ getpid());
 
 	// this is a special case for switching on debugging before any config file is read
 	if (argc >= 2) {